The author is a Forbes contributor. The opinions expressed are those of the writer.


Have old school malware writers resurfaced? According to Kaspersky Lab CEO Eugene Kaspersky they have, and they are behind the newest cyber attack against governments in Europe, carried out with malware the Russian internet security firm dubbed "MiniDuke."

In a statement on the company's Securelist website, Kaspersky said: "MiniDuke is a very unusual cyberattack. I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s. I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyberworld. These elite, 'old school' malware writers were extremely effective in the past at creating highly complex viruses, and are now combining these skills with the newly advanced sandbox-evading exploits to target government entities or research institutions in several countries."

MiniDuke’s customized backdoor was written in Assembler and is only 20 kilobytes. Such compact malware was often written in Assembler and was very common back in the days of the VX group “29A”, more for practice than sophisticated criminal use.

"The combination of experienced old school malware writers using newly discovered exploits and clever social engineering to compromise high profile targets is extremely dangerous," Kaspersky said in the statement.

Shortly after Kaspersky published its findings together with the Laboratory of Cryptography and System Security (CrySys) in Budapest, the Guardian ran with the story on its website, citing the report's finding that MiniDuke was still active on government computers in countries such as Portugal, Ireland and Belgium. The report also said that an unnamed health care company in the United States was under attack from the same malware, delivered through the Adobe exploit.

CrySys identified servers in Panama, France, Switzerland, Germany and the U.S. as the source of the code.

Some tweets sent by @EdithAlbert11 contained the links to the malware. No one knows who is behind the account. It only has four followers, and apparently Edith is a Belieber: the phony account follows Justin Bieber.